›Added a new **Blacklist** tab on every script dashboard: auto-detected HWIDs now land as *pending* and require owner approval before they are silently honeypotted. Owners can approve, reject, unblacklist, or whitelist a HWID (whitelist exempts it from future auto-blacklist).
›HWID blacklists remain strictly per-script — a ban on one script never carries over to another.
›Tester scripts (via tester API keys) no longer trigger auto-blacklist or HWID-mismatch honeypot, so owners can move between phone and laptop while iterating.
›Patched the tester loader handoff so the real executor environment is preserved through the micro-stub and VM diagnostic wrapper, preventing silent no-output runs on stricter executors.
›Added a new one-shot loader delivery mode (opt-in, FFA scripts): the whole protected script arrives in a single response instead of the multi-step handshake, removing an entire class of silent-execution bugs caused by header-keyed transport encryption.
v1.76.0042026-07-11
Critical loader execution recovery
›Fixed a Stage-1 delivery wrapper path that could stop before Stage 2 with no console output on some Roblox executors, making a valid loadstring appear to do absolutely nothing.
›First loader response remains a tiny bootstrap so passive dumpers capture only a small handoff instead of the full protected loader shell.
›`/massunwhitelist` and `/massunblacklist` now require a **role** and only affect users with that role, instead of wiping the entire server list.
v1.76.0032026-07-11
Header navigation visibility + VM runtime hardening
›Reduced VM runtime fingerprinting and strengthened internal constant-pool integrity.
›Increased desktop dashboard navigation contrast and header presence so the top navigation remains visible on live screens.
›Replaced the old desktop top-button layout with the burger drawer on every viewport, keeping the Faulmor brand centered across live desktop and preview screens.
v1.76.0022026-07-10
Loader v2 rolled out to everyone + MelonX admin parity
›Loader v2 (hardened key-exchange delivery path) is now the default for every script and every client — no more tester-only gating. Passive network dumpers walk away with strictly less usable material than on the legacy path, and the legacy path stays wired in as an instant kill-switch fallback.
›MelonX bot now mirrors the Faulmor Admin Panel with Fame-only slash commands: kill switch, broadcast banner, maintenance mode, changelog publisher, analytics, anti-crack feed, audit log, and an on-demand obfuscator that returns a hardened .lua file. Every admin command is signed with the shared bot secret and logged to the admin audit trail with the acting Discord ID.
›MelonX bot slash commands now register from the bot host on startup (manual register uses the same host-owned guild sync path), and the packaged upload is a flat zip that leaves environment files on the host between re-uploads.
v1.76.0012026-07-08
Per-command API picker + delivery hardening
›Discord bot: every action command (`/whitelist`, `/unwhitelist`, `/massunwhitelist`, `/genkey`, `/massgenkeys`, `/blacklist`, `/unblacklist`, `/massunblacklist`, `/deploypanel`) now has an **api** autocomplete option, so servers with multiple linked APIs can pick which key each command runs against — no more silently using whichever key was last active.
›Retired `/setactiveapi`: choosing the api on any command now switches the active key automatically, and if a server has more than one API linked the bot refuses to guess and asks the admin to pick.
›Tightened loader delivery so passive network dumpers that only capture the first-stage response no longer walk away with usable key material.
›Stabilized production builds for the newest protection pipeline so tester script builds stay deployable.
v1.76.0002026-07-07
Next-gen protection is now the default
›All script builds now go through our newest protection pipeline by default — stronger runtime hardening, cleaner delivery, and better reliability across supported executors.
›Retired the older protection tiers from every user-facing surface (dashboard, admin playground, tester APIs). No more version pickers — you always get the strongest build we ship.
›If a script can't be built with the new pipeline (unsupported syntax, parser errors), it automatically falls back to a plain-parser build and the dashboard now shows a red warning next to the download button.
›When a fallback build ships, the script owner is pinged on their configured alert webhook with the failing fingerprint so they can rewrite the offending Lua for full protection.
v1.75.0032026-07-05
New VM tester path + build stability
›The script dashboard's Discord setup now keeps server configuration in the panel and gates bot invite flow until the required fields are saved.
›Tester API scripts now enter the New-VM build path directly, with fallback still disabled so VM v3 validation failures stay visible instead of silently downgrading.
›Development builds now recognize the New-VM compiler's WebAssembly module import, fixing the build break that blocked VM v3 testing.
v1.75.0002026-07-04
New /setup command, safer runtime routing, VM stability patch
›Added `/setup` — one Discord command that picks the admin role for your server and links your Faulmor API key in a single step. Every other command now refuses to run until `/setup` has been completed, and `/menu` plus every admin command respect the chosen role.
›Removed `/linkapi` (folded into `/setup`) and `/listapis` (`/setactiveapi` already lists every linked API in its picker). Old command names return a friendly redirect.
›Temporarily routed live script execution through Faulmor Safe Mode while the full VM compiler is rebuilt against the regression corpus, so valid scripts stop receiving brittle legacy VM output.
›Stabilized protected runtime execution across stricter Roblox executor environments and cut repeat VM abort paths plus repeated VM callback allocation overhead for large scripts.
v1.74.0352026-07-02
Critical obfuscator reliability patch
›Fixed several full-VM output paths that could corrupt valid Roblox script literals or reject supported Luau before delivery.
›Tightened runtime self-checks so integrity guards catch real key tampering without adding loader startup lag.
›Expanded parser safety coverage for long function signatures and levelled Luau long strings/comments, reducing repeat update regressions.
v1.74.0342026-07-02
Loader latency fix — no more multi-second freeze on execute
›Fixed a runtime path that could freeze the game thread for several seconds on large scripts before user code started running. Execution now begins essentially immediately after the loader hands off, matching the pre-regression feel.
›Rebalanced the protected runtime's internal integrity sampling so the same tamper-detection guarantees hold with a fraction of the per-instruction cost.
›Resolved a rare bytecode path that could abort a valid script mid-execution on its very first tick.
v1.74.0322026-07-02
Critical loader runtime reliability patch
›Fixed a full-VM runtime path that could freeze or stop execution on normal client machines, while keeping the protected delivery flow intact.
›Reduced protected loader payload weight and startup decode work so large scripts spend less time rebuilding the runtime before user code starts.
›Included the recent Roblox method-chain parser and output-scanner fixes in this critical rollout so Citizen and Royal users receive the patch immediately.
v1.74.0312026-07-02
Broader Luau acceptance + safer compound rewrites
›The obfuscator now handles more real-world Luau syntax without failing: `const` declarations, floor-division compound assignment (`//=`), multi-line `type` aliases (union/intersection/table forms wrapping across lines), and the full string-escape set (`\xHH`, `\ddd`, `\u{…}` as UTF-8, `\a \b \f \v`, and the `\z` whitespace-eater across newlines).
›Fixed floor-division precedence so mixed multiplicative expressions like `a * b // c` compile to `math.floor((a*b)/c)` instead of silently regrouping.
›Compound assignments (`+=`, `-=`, `*=`, `/=`, `%=`, `^=`, `//=`, `..=`) whose lvalue contains a function call — e.g. `t[key()] += 1` — are now safely hoisted into a `do local … end` block so the call fires exactly once, matching native Luau semantics.
v1.74.0302026-07-02
Loader reliability + safer Luau builds
›Removed a rare delivery path that could make a valid paid execution return without visible console output, while keeping protected delivery and telemetry intact.
›The obfuscator now accepts broader Luau syntax forms and rewrites them transparently to plain Lua before VM compilation, so supported Roblox scripts need fewer manual edits.
›Added a parser-safety scan for the obfuscator pipeline so malformed Luau rewrites are caught before protected payloads reach script delivery.
›New **Server-Verified Runtime**: eligible scripts are split into multiple encrypted slices fetched sequentially at runtime, each re-keyed per request so no two fetches look alike. A live heartbeat lets us revoke running sessions instantly from the dashboard via the new Live Session Kill-Switch card.
›Consolidated protection settings into a single **Obfuscation Mode** selector with three presets: Quick (fast), Standard (full VM), and Maximum (full VM + Server-Verified Runtime). The old Fast Mode / SVR toggles are gone.
›Introduced plans: **Citizen** (free — 20 obfuscations/week, 3 Maximum-mode uses/month) and **Royal** ($3/mo crypto, coming soon — unlimited everything). Dashboard shows live usage counters and auto-snaps Citizens off Maximum mode when the monthly cap is hit.
›Raised the VM pipeline source cap to 1 MB (was 64 KB), so much larger scripts now build through the full Faulmor VM instead of being rejected.
v1.74.0282026-07-01
Full VM only + broader Luau syntax support
›Removed the compatibility fallback path. Every delivered and downloaded script now goes through the full Faulmor bytecode VM (custom opcodes, K-pool, dispatch loop, vmify envelope) — no more silent base64/loadstring surface.
›If a script uses Luau syntax the parser cannot yet compile, delivery now hard-fails with the exact reason instead of quietly shipping a weaker build, so you always know when to simplify.
›Expanded Luau tolerance: `declare` ambient statements and `declare class ... end` blocks are stripped, and the `!` non-nil assertion (e.g. `foo!.bar`, `f()!`) is now accepted alongside the existing rewrites for `continue`, compound assignments, type annotations, generics, backtick interpolation, `<const>`/`<close>`, `@attributes`, numeric separators, and binary literals.
v1.74.0272026-06-30
Discord login fixes + VM fallback hardening
›Discord sign-in now always uses Faulmor's stable app-owned callback URL instead of request/preview hosts or the retired external callback, preventing Discord's invalid redirect URL error.
›Removed the retired external OAuth client from the login, session, and server-call attachment paths so new Discord sign-ins use only the app-owned callback flow and stop re-triggering the old mobile loop.
›Parser-incompatible scripts no longer fall back to a plain base64 runner; Faulmor now emits a compatibility bytecode VM wrapper so loader-delivered code still uses a VM path even when the full compiler cannot parse the source.
v1.74.0262026-06-30
Login build stability + loader alert fixes
›Per-script Discord execution alerts now also fire for early loader/session blocks tied to a script, and failed Discord webhook responses are surfaced in server logs instead of disappearing silently.
›Loader validation now accepts the new lowercase 36-character dormant/active keys that include `$`, `&`, `@`, and `!`, so redeemed keys work after activation instead of being rejected before lookup.
›Production builds no longer pull request-only login helpers into the browser bundle, keeping the custom Discord/manual login flow deployable.
v1.74.0252026-06-29
Dormant keys + cleaner key management
›`/genkey` and `/massgenkeys` no longer pre-create separate whitelist keys. Generated keys are now **Dormant** placeholders — they only become live, loader-usable keys once a user redeems them through the panel.
›Script dashboard now filters keys by **Active** vs **Dormant**, with sub-filters for **Lifetime** and **Temporary** under Active so big key lists are easier to scan.
›Removed the redundant *Copy key* button from the key card — the *Copy script* button already embeds the key in the loader snippet.
v1.74.0112026-06-28
Bot-owned command cleanup + cleaner public copy
›Removed the remaining legacy website action bridges for Discord/admin/slot operations. Bot-facing data endpoints now update the database directly, keeping Discord command handling fully owned by the hosted bot.
›Homepage hero subtitle, footer text, and meta descriptions now frame Faulmor as a developer protection and licensing tool for Lua code, with clearer language for Discord link previews and search results.
›Hardened the bot-owned Discord command registration path so renamed commands are wiped and re-published from the bot host using the local command list and the configured Discord application ID.
v1.74.0102026-06-28
Multi-API Discord links + manual panel deploy from the dashboard
›Discord servers can now link **multiple** Faulmor APIs at once. Run `/linkapi <api_key>` as many times as you want; one is the **active** API that drives every command. Use `/listapis` to see them all, `/setactiveapi` to switch which one is in use, and the new `/unlink` command opens an ephemeral menu so you pick exactly which linked API to remove — no more accidentally unlinking the wrong script.
›Added a **Manual Deploy** card on each script's Panel tab. Paste a Discord channel ID (and optional buyer role ID) and click *Deploy now* — the bot picks the job up within seconds and posts the configured panel embed straight into that channel. Useful for re-posting after edits without leaving the dashboard.
›Mobile dashboard polish, per-script Alert Webhook, and per-function `LPH_NO_VIRTUALIZE` / `LPH_SKIP` macros (rolled in from 1.74.009).
›Fixed the loader path that could make a valid script appear to execute while nothing happened. Paid scripts using `script_key="..."` now stay on the stable delivery path, and compatibility checks no longer silently block legitimate executors.
›Repaired affected database rows from the false-positive loader incident and added self-healing for Public/FFA scripts so missing or disabled public keys are recreated automatically.
›The bot-owned `/genkey` and `/massgenkeys` commands now only ask for the details that matter: label for one key, and amount plus optional label for batches. Stockpile/day-style prompts were removed from the Discord command menu.
›Loader delivery got a quieter, meaner backend: suspicious key patterns are auto-throttled, each delivery is salted uniquely so two captures never look alike, and a small fraction of requests get tripwire responses that flag and blacklist any caller who tries to replay them. Redeem attempts are also rate-limited per account to shut down credential-stuffing.
›Dashboard now shows per-script analytics — a 30-day execution chart and top users — and the script creation flow has a clean Public / Private mode picker plus an HWID Tracking toggle. Public scripts no longer surface key management since they don't use keys. FAQ moved to its own `/faq` page, and Privacy + Terms pages are now live.
›Refreshed the landing page with a new hero image, tighter bento-style feature grid, and updated copy. Discord bot help is consolidated into a single `/menu` command with a category picker, and the bot zip now extracts with files at the root (no more `bot/` wrapper) so Pterodactyl-style hosts read it correctly.
›Protected payloads now ship through an extra compression stage before encoding, producing noticeably smaller files for the same protection level (typical 25–45% smaller than the previous build).
›Scripts written for other obfuscators that use per-function escape macros (e.g. `LPH_NO_VIRTUALIZE(function() ... end)`) now compile under FaulMor without edits — the macros are accepted and applied at the file level.
›Loader delivery now locks each script key to the first machine that runs it. Attempts to deliver the protected payload on a different machine fail closed without revealing anything to the requester. `/forceresethwid` clears the lock so the legitimate user can re-bind on a new device.
›Each delivery is freshly keyed end-to-end, so two runs on the same machine produce byte-different protected payloads — replaying or diffing captured deliveries no longer yields anything useful.
›Script owners can optionally supply their own 256-bit key that participates in the protected runtime's per-function masking, so even identical source produces divergent protected output across owners.
v1.74.0042026-06-25
Bot host owns the whole Discord surface
›Constants referenced by tag-routed operations now sit behind a separate protection path, so reversing one constant stream no longer exposes every value used by the protected runtime.
›The interpreter now re-checks protected instructions as they execute, catching mid-run tampering much sooner without changing how legitimate scripts run.
›Removed the old website-side Discord command sync/admin UI and retired the remaining website Discord handlers. The gateway bot now owns slash commands, menu buttons, panel buttons/modals, and slot status message refreshes; the site only exposes thin database endpoints.
v1.74.0022026-06-23
Slimmer Level 5 envelope + harder-to-pattern-match VM
›Shrunk the outer envelope on Level 5 builds by roughly half. Same protection, less to download and parse.
›Common `return localVar`, `return "text"`, `return 42`, and `return globalName` tails now compile into a single fused operation instead of two. Removes one of the most recognizable bigram patterns devirtualizers key on.
›Split the main interpreter loop so the simpler operations no longer sit in the same flat chain as the rest. Static signature matchers built from one export of the runtime no longer line up against the next one.
v1.74.0012026-06-23
Bot host now owns every slash command
›Moved the last legacy commands (`/linkapi`, `/unlinkapi`, `/setchannelforlogs`, `/panelhelp`, `/deploypanel`, `/blacklist`, `/unblacklist`, `/massunblacklist`) onto the bot host. The bot posts the redeem panel embed and applies the buyer-role color itself. The website is no longer in the request path for any slash command — it only stores data.
›`/genkey` and `/massgenkeys` now default to Stockpile mode — just pick the command and pass `days`, no need to set `key_type` every time. Stockpile is the right pick for keys handed out ahead of time since the timer only starts when the buyer actually redeems. Timed and Permanent are still available explicitly.
›Renamed `/menu` to `/slotmenu` so it's obvious which command surfaces the slot-management list. The old name still routes to the new one for now, so existing muscle memory keeps working.
v1.74.0002026-06-23
All hosted Discord commands now run on the bot itself
›Moved the whitelist commands (`/whitelist`, `/unwhitelist`, `/massunwhitelist`, `/genkey`, `/massgenkeys`) entirely off the website. The bot builds the embeds, hands out the buyer role, and uploads the keys `.txt` file itself; the website is only touched for the database write. Result: faster replies and bot-host outages no longer take down those commands.
›Moved the slot system commands (`/link`, `/setcount`, `/compensate`, `/transfer`, `/clear`, `/freeze`, `/resume`, `/menu`, `/status`) onto the bot host too. The bot posts the live status embed and deletes the old one itself instead of asking the website to do it.
›Moved the admin commands (`/stats`, `/lookup`, `/forceresethwid`, `/suschannel`) over as well. The bot writes the HWID force-reset log message into your configured log channel directly. Combined with the previous two batches, every hosted slash command now runs on the gateway bot — the website is purely a data backend.
v1.73.0002026-06-23
Bot stability + smaller protected payloads
›Reworked the internal bytecode layout so protected scripts ship with a flatter, more compact instruction representation. Same protection, slightly smaller files — most noticeable on large scripts.
›Removed the old `/massgenkey` command (capped at 50 keys, returned them as an embed) and renamed `/massgen` to `/massgenkeys`. The new command supports up to 1000 keys per run and always delivers them as a `.txt` file attachment.
›The Discord bot now owns its slash command list directly. It no longer fetches commands from the dashboard on startup, so command updates land instantly without a website round-trip and there's one less moving part to drift out of sync.
›Numeric constants inside protected scripts now go through an additional type-specific encryption layer separate from the string-constant pipeline. Decoding tools that only learned the generic constant decoder will return garbage for every number until they recognize and implement the second layer.
›Added a runtime environment-tampering guard: if a tool swaps the script's execution environment mid-run (a common probe used by dumpers and tracers), the protected script silently locks up instead of continuing.
›Investigated a 30% payload-size reduction by switching the outer wrap's encrypted blob to a string literal. Shelved for now — the format conflicts with our final minification pass and would have shipped a broken Level-5 build. Will revisit once the pipeline is reordered.
›Protected scripts now emit on multiple lines instead of one mega-line, so you can actually skim the output to confirm Faulmor protected your script without scrolling sideways forever. Output is split only at safe statement boundaries — strings, tables, and long brackets stay intact, so runtime behavior is byte-for-byte identical to the old single-line format.
›Added several new protection layers that resist common script-inspection and dumping tools. These changes are invisible at runtime for legitimate scripts but make protected output significantly more annoying to reverse-engineer.
›Fixed a bloat bug in Level-5 (vmify) obfuscation where a tiny script could balloon to ~870 KB. Same input now produces ~200 KB output (~4x smaller) with identical protection.
v1.72.0062026-06-22
Auto-expiring keys + community stats
›Hosted Discord bot command sync now repeats the wipe/delete pass for global and server commands and filters removed names defensively before publishing, so renamed or deleted commands disappear from every server within seconds.
›Added a live 'by the numbers' section to the home page showing how many creators have joined and how many scripts are currently protected, with a call to grow the community.
›Expired, blacklisted, and whitelist-expired keys are now automatically retired every 5 minutes. They're removed from your active User Keys list, but the Roblox user who used the key stays visible on the script dashboard with an EXPIRED or BLACKLISTED badge so history is preserved.
v1.72.0052026-06-22
Instant Discord command cleanup
›Discord bot now pushes command updates to every server it's in the moment it starts, instead of waiting up to an hour for Discord's global propagation. New servers get commands instantly on join too.
›Bot command sync now wipes global commands and rewrites every server's command set on startup, so removed slash commands disappear from the menu instead of lingering as placeholders.
›Added an extra hard-delete pass for every server command after sync, removing old names and any leftover removed-command placeholders Discord still returns.
v1.72.0042026-06-22
Discord bot command cleanup
›The bulk-key command is now /massgenkey (same options: amount, temporary, duration, label) for naming consistency with /massgen.
›Slot commands dropped the redundant `slot` suffix: `/linkslot` → `/link`, `/setslots` → `/setcount`, `/slotstatus` → `/status`, `/slotcommands` → `/menu`. Same behavior, shorter to type.
›Removed the old direct Discord interactions webhook path so the hosted bot bridge is the only command source and stale commands cannot keep coming from two places.
v1.72.0032026-06-22
Roblox Users panel + slot/key UX polish
›Every script page now has a **Roblox Users** section listing the Roblox accounts that have actually executed your script, with username, Roblox ID, the key they used, and last-exec time.
›Removed the **Discord links** card from the main dashboard and the Discord links section from the script page — the data wasn't useful day-to-day.
›/freezeslot now takes an optional `user` — omit it to freeze (or unfreeze) every slot at once.
›/compensate now asks for a `user` instead of a slot number, and returns a clear ❌ *User is Not Whitelisted!* embed when the user isn't on the whitelist.
›FAULM keys generated via /genkey no longer start counting down before redemption — the timer only begins once the buyer actually redeems the key.
›Public changelog now publishes one batched release every 3 internal changes, and each release is auto-announced to **#FAULMOR-UPDATE** on Discord.
v1.72.0022026-06-22
Whitelist auto-slots + freeze pauses key timers
›Whitelisting a user with a timed key now automatically assigns them a slot (permanent keys skip the slot system).
›Unwhitelisting a user instantly frees their slot.
›/freezeslot now also pauses the whitelist key timer, and /extendslot bumps the matching key expiry so slot time and access time always stay in sync.
›Retired /addslot and /removeslot — slot lifecycle is fully driven by whitelist/unwhitelist now.
›All slot/whitelist durations consistently use the DD:HH:MM format (e.g. 00:00:01 = 1 minute, 00:01:30 = 1h 30m).
v1.72.0012026-06-22
Stockpile keys in /genkey + new /massgen file delivery
›/genkey now accepts a 'Stockpile' type — choose a day count and the timer only starts when the buyer first activates the key.
›New /massgen command generates up to 1000 keys in one shot and DMs them back as a .txt attachment for easy import into your storefront.
›Panel redemption forwards the stockpile flag to the dashboard so the script key inherits the correct activation behavior.
v1.72.0002026-06-22
Stockpile keys — timer starts on first use
›New key type 'stockpile' lets sellers pre-generate keys whose lifetime only begins when the buyer first activates them.
›No more wasted days while a key sits in your sales queue — generate a batch of 30-day keys once, sell them whenever.
v1.71.0722026-06-21
Hosted Discord bot startup alignment
›Bot zip startup targets now point to the same hosted command bridge and print clearer logs when a command reaches the bot host.
v1.71.0712026-06-21
Hosted Discord bot command bridge
›The standalone Discord bot now loads and runs the full Faulmor command set directly from bot hosting, including slot status and panel actions.
v1.71.0702026-06-21
Discord bot auto-registers commands
›The standalone Discord bot now publishes its slash commands on startup, so `/ping`, `/linkapi`, and `/setslots` appear without a separate setup step.
v1.71.0692026-06-21
Discord command response fix
›Discord slash commands now acknowledge immediately from the dashboard endpoint, preventing 'Application did not respond' when a command needs backend work.
v1.71.0682026-06-21
Discord bot Node 22 startup fix
›Updated the standalone Discord bot package so locked hosting panels can run it with plain `node index.js` without a TypeScript loader crash.
v1.71.0672026-06-21
Discord bot panel startup fix
›Added a root bot entrypoint for hosting panels that force `node index.js`, preventing missing-entry startup crashes.
v1.71.0662026-06-21
Discord bot crash diagnostics
›The standalone Discord bot now starts directly from source on common hosts and prints clearer configuration errors instead of only exiting with code 1.
v1.71.0652026-06-20
Discord bot revert
›Reverted the deferred-ack change. Commands reply directly again; the occasional cold-start miss is an accepted limitation of the HTTPS endpoint.
v1.71.0642026-06-20
Admin abuse feed fix
›Admin abuse panel now shows every recent security event instead of silently filtering most of them out.
v1.71.0632026-06-20
Discord bot reliability
›Slash commands now ack Discord instantly and post the result when ready, fixing 'application did not respond' on the first command after a cold start.
v1.71.0622026-06-20
Loader delivery hardening
›Reworked loader delivery so intercepted network traffic no longer exposes the full loader as readable text.
v1.71.0612026-06-20
Admin panel cleanup
›Removed the optional email verification step for the admin panel; access remains restricted to the Discord ID allowlist.
v1.71.0602026-06-20
Anti-dumper hardening
›Added structural protections against server-side script-dumper bots.
›Suspicious request sources are now routed to an inert decoy instead of receiving the real script.
v1.71.0592026-06-20
Protection improvements
›Tightened constant-table protection on protected scripts.
v1.71.0582026-06-20
Loader reliability
›Fixed an integrity check that could cause loaders to exit without any output. Failures now surface a clear console warning instead of being silent.
v1.71.0572026-06-19
Script delivery reliability
›Scripts that previously delivered nothing on execute now run reliably via an automatic fallback path.
v1.71.0562026-06-19
Removed /slots command
›Removed the `/slots` Discord command — use `/slotstatus` instead.
v1.71.0552026-06-19
Discord bot paid loadstring
›Discord `Get Script` button now returns the `script_key="..."` format for paid scripts, matching the dashboard.
v1.71.0542026-06-19
Paid loadstring format
›Paid script snippets now use the simple `script_key="..."` + plain loader URL format, matching FFA style.
v1.71.0532026-06-19
FFA loader hotfix
›Fixed a loader parse error that could surface as a runtime error in the user's LocalScript on FFA scripts.
v1.71.0522026-06-19
Executor identifier overhaul
›Loader now reports the correct executor name for Delta, Volt, Synapse Z, KRNL, Fluxus Z, Arceus X, Potassium, Solara and others.
›Detection reads through getgenv() so executors that hide globals from script fenv are identified correctly.
v1.71.0512026-06-19
Monetized loader lockdown
›Paid script delivery now uses the same keyless loader handoff as FFA mode.
›Raw paid loader source no longer includes the user's reusable script key.
v1.71.0502026-06-19
Raw delivery lockdown
›Closed a direct delivery path so free loaders no longer expose a reusable key in raw source.
›Execution now fails closed if the protected delivery layer cannot be produced.
v1.71.0492026-06-19
Payload delivery hardening
›Scripts are now delivered through the protected runtime by default, reducing what a runtime inspector can capture.
›Removed the email 2-step code step on the admin panel — allowlisted admins now go straight in.
v1.71.0462026-06-19
Admin script testing
›Admins can open a dedicated Script Testing area from the admin panel to create API keys and try scripts without touching the public dashboard.
v1.71.0452026-06-19
Loader hardening
›Added additional integrity protections to the loader against tampering.
›No changes to legitimate executor compatibility.
v1.71.0442026-06-17
Maintenance overlay shows for signed-in users
›Maintenance overlay now displays for all non-admin visitors, including signed-in users.
›Only verified admins bypass the overlay so they can keep operating the panel.
v1.71.0432026-06-17
Maintenance mode frontend
›The site now shows a full-screen maintenance overlay to visitors when maintenance mode is active.
›Increased the maintenance message limit from 280 to 2000 characters so longer announcements fit.
v1.71.0422026-06-16
Execution performance fix
›Reduced live execution overhead so valid scripts start faster on slower executors.
›Adjusted compatibility handling so uploaded scripts execute closer to their original runtime behavior.
v1.71.0412026-06-14
Executor handoff fix
›Improved execution handoff compatibility for executors that isolate script environments differently.
›Expanded request response handling so valid scripts can load across more executor variants.
v1.71.0402026-06-14
Executor compatibility fix
›Improved script delivery compatibility for executors that expose request support differently.
›Extended valid execution response handling so larger protected payloads run more reliably.
v1.71.0392026-06-13
Execution delivery fix
›Improved script delivery compatibility across executors that handle backend requests differently.
›Kept the loader verification flow intact while making valid executions more reliable.
v1.71.0382026-06-11
Tighter protection layer
›Closed two long-standing shape leaks in protected output so common patterns are harder to fingerprint.
›Roundtrip + regression tests extended to cover the new paths.
v1.71.0372026-06-11
Hardened protection layer
›Locked in stronger output protection across all script downloads and live executions.
›Added regression checks so the protection layer can't silently regress.
v1.71.0362026-06-11
Cleaner FFA ↔ Monetize switch
›Switching a script to FFA now auto-disables existing lifetime and temporary keys; switching to Monetize disables the public FFA key.
›Whitelisting a user with an infinite/lifetime key no longer takes up a slot.
v1.71.0352026-06-11
Delete script from dashboard
›Owners can now permanently delete a script from its dashboard page — wipes keys, slots, source, and backups in one click.
›Two confirmations required so you don't nuke a live script by accident.
v1.71.0342026-06-11
FFA fix + Maintenance Mode
›New FFA scripts now show the loader loadstring right away — no more toggling paid/FFA to make it appear.
›Admins can flip Faulmor into Maintenance Mode from the admin panel; users see a clear message and dashboard actions are frozen until it's turned off.
v1.71.0332026-06-11
FFA mode: cleaner dashboard
›FFA mode now shows a single loadstring panel instead of a confusing key entry.
›Anyone can run an FFA script with just the loader line — no script_key, no setup.
v1.71.0322026-06-11
Rename: free → FFA mode
›Renamed free scripts to FFA mode in the dashboard.
›FFA mode runs from just the loader loadstring — no script_key required.
v1.71.0312026-06-11
Security: hardened loader handoff
›Tightened how the loader talks to our backend to better protect session data in transit.
v1.71.0302026-06-11
Tweak: friendlier FAQ
›Rewrote the homepage FAQ to be simpler, shorter, and easier to understand.
v1.71.0292026-06-11
Tweak: simpler Secured Script section
›Rewrote the Secured Script section to be shorter, friendlier, and easier to skim.
v1.71.0282026-06-11
Tweak: clearer pipeline steps
›Rewrote the three pipeline steps on the homepage to be simpler and easier to follow.
v1.71.0272026-06-11
Tweak: clearer homepage intro
›Rewrote the homepage headline and intro to be simpler and easier to understand.
v1.71.0262026-06-11
Tweak: pipeline section headline
›Updated the pipeline heading copy on the homepage.
v1.71.0252026-06-11
Fix: bot-check works in preview too
›Preview builds now use a safe verification path while the live faulmor.site domain keeps the real bot-check challenge.
v1.71.0242026-06-11
Fix: bot-check no longer gets stuck loading
›Updated site security rules so the verification challenge can load properly, with a clearer retry state if it cannot start.
v1.71.0232026-06-11
Fix: bot-check widget now loads on every visit
›Resolved an issue that prevented the verification challenge from appearing on the live site.
v1.71.0222026-06-11
Bot-check at the front door
›Added a quick Cloudflare Turnstile challenge on first visit to keep automated traffic out. Verified visitors are remembered for 24 hours.
v1.71.0212026-06-11
Stronger protection rolled out to all scripts
›All served scripts now go through the latest protection pipeline, not just newly saved ones.
v1.71.0202026-06-11
Official Faulmor logo as site favicon
›Replaced the generic globe favicon with the official Faulmor logo across browsers and link previews.
v1.71.0192026-06-10
Rebranded website references to Secured Script
›All user-facing labels, descriptions, and meta tags now refer to scripts as Secured Script instead of loadstring.
v1.71.0182026-06-10
Fixed protected scripts failing to execute
›Resolved a runtime error that caused every Faulmor-protected loadstring to error on execution. Re-download or regenerate to get the working build.
v1.71.0172026-06-09
Fixed temporary key generation crash
›Generating a temporary key no longer crashes the script page after creation.
v1.71.0162026-06-09
Rewrote the landing page copy
›Cleaned up the hero, pipeline, feature list, FAQ, and final call-to-action with clearer, more professional wording.
›Refreshed the page title and share description to better reflect what Faulmor does.
v1.71.0152026-06-09
Fixed support ticket creation error
›Submitting a new support ticket no longer fails with a database constraint error.
v1.71.0142026-06-09
Fixed support tickets sign-in error
›Creating, viewing, and replying to support tickets no longer fails with an authorization error — the support system now uses the same Discord login as the rest of the site.
v1.71.0132026-06-09
Prettier /slotstatus embed
›The /slotstatus embed now uses a large heading and clean separator lines for a more polished look.
v1.71.0122026-06-09
Polished sign-in copy
›Rewrote the sign-in page description with cleaner, more professional wording that better reflects Faulmor as its own platform.
v1.71.0112026-06-09
Background rain tuned per device
›Background hex particles now spawn from fully off-screen and use a lighter count on Android (10) while keeping the full 40 on desktop.
v1.71.0102026-06-09
Disabled background rain on Android
›Turned off the decorative hex-particle background on Android, where the dynamic address bar was causing the particles to bunch into a horizontal band.
v1.71.0092026-06-09
Smoother background on Android
›Fixed the floating hex particles clumping at the bottom of the screen on Android — they now spread evenly across the page on first load.
v1.71.0082026-06-07
Discord command response fallback
›Discord commands now return instantly when possible and only use the loading state for slower work, preventing commands from getting stuck thinking.
v1.71.0072026-06-07
Simplified admin access
›Removed the email verification step on the admin panel — Discord-ID allowlist is the sole gate for now.
v1.71.0062026-06-07
Admin bot-secret sync button
›Added a one-click button in the admin Bot panel to push the current bot secret into the internal config used by scheduled jobs.
v1.71.0052026-06-07
Hardened admin & internal endpoints
›Re-enabled the email 2FA code on the admin panel — Discord login alone no longer grants access.
›Internal background updaters now require an authenticated caller and reject anonymous traffic.
›Tightened database access rules on sensitive internal tables.
v1.71.0042026-06-07
Discord command follow-up fix
›Discord slash commands now keep their background follow-up alive after the instant defer, so commands no longer stay stuck on the loading state.
v1.71.0032026-06-07
Smooth scroll-in animations
›Landing page sections now gently fade and slide into view as you scroll. Respects reduced-motion preferences.
v1.71.0022026-06-07
Admin support link fix
›Clicking Support Tickets from the admin panel now opens the support queue instead of doing nothing.
v1.71.0012026-06-07
Discord bot reliability
›Slash commands now always ack within Discord's 3-second window — no more “application did not respond” on slow or first-of-the-hour commands.
›Removed an unnecessary pre-verify lookup that was eating into the response budget on cold workers.
v1.71.0002026-06-07
Smooth section scrolling
›Tapping How it works or FAQ from the header (and hamburger menu) now glides to the section instead of jumping.
›Changelog page header layout tidied so the version badge sits on its own line.
v1.70.0002026-06-07
Support tickets
›Signed-in users can open support tickets and chat directly with Faulmor admins from /support.
›FAQ section now links straight to the ticket form for anyone who needs more help.
›Admins get a dedicated /admin/support queue with open/closed filters and reply + close controls.
v1.69.0002026-06-07
Hero refresh — BETA badge + code rain
›Hero pill now reads BETA instead of the version string.
›Floating hex-code strings drift up behind the hero for a subtle background effect.
v1.68.0002026-06-07
Free script loadstring cleanup
›Free scripts now copy a clean loadstring with no script_key line — the public key is baked into the loader.
v1.67.0002026-06-07
Landing polish + mobile nav
›Mobile header now uses a hamburger drawer with full nav access.
›Homepage gained a recent-changelog teaser block.
›Refreshed site meta description and social preview copy.
v1.66.0002026-06-07
Discord invite added across site
›Discord invite (discord.gg/faulmor) now visible in the header, landing CTA, and footer.
v1.65.0002026-06-06
Bulk key generation
›New /genbulkkeys command — generate up to 50 keys in one shot with amount, temporary yes/no, and DD:HH:MM duration.
v1.64.0002026-06-06
Bot invite requests all permissions
›Invite link now pre-checks every Discord permission so the bot works in any channel out of the box.
v1.63.0002026-06-06
Clearer Discord permission errors
›/slotstatus and /deploypanel now explain exactly which channel permissions the bot is missing instead of dumping a raw Discord error.
›/deploypanel no longer reports success when the panel post actually failed.
v1.62.0002026-06-06
Discord embed polish
›Bot replies now use Discord headings, bold highlights, separator lines and richer emojis across help menus and key actions.
v1.61.0002026-06-06
Loader hardening
›Loader responses now ship under an opaque per-request envelope.
v1.60.0002026-06-06
Obfuscator hardening pass
›Additional protection layer applied to every fresh build.
v1.59.0022026-06-06
Public status banner
›Landing page now shows live broadcast announcements from the Admin Panel.
v1.59.0012026-06-06
Discord bot — /unlinkapi
›New /unlinkapi command clears the synced Dashboard API key from the server.